Mozilla Foundation Security Advisory 2013-110

Potential overflow in JavaScript binary search algorithms

Announced: December 10, 2013

Reporter: Dan Gohman

Impact: Moderate

Products: Firefox, SeaMonkey

Fixed in: Firefox 26, SeaMonkey 2.23

Description

Compiler Engineer Dan Gohman of Google reported that binary
search algorithms in the SpiderMonkey JavaScript engine were prone to overflow
in several places, leading to potential out-of-bounds array access. While none
of these are known to be directly exploitable, they are unsafe in theory and
have been changed as part of general security improvements.
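The advisory does not say which expression overflowed. The following added example (not SpiderMonkey code) assumes the classic case, a midpoint computed over 32-bit unsigned indices, and shows the wrapping form beside the hardened one; all function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Midpoint as commonly written: lo + hi wraps modulo 2^32 for large indices. */
static uint32_t mid_naive(uint32_t lo, uint32_t hi) {
    uint32_t sum = lo + hi;          /* may wrap; well-defined for unsigned */
    return sum / 2;
}

/* Hardened form: hi - lo cannot wrap when lo <= hi, so mid stays in [lo, hi]. */
static uint32_t mid_safe(uint32_t lo, uint32_t hi) {
    return lo + (hi - lo) / 2;
}

/* 1 if mid is a valid probe position for the range [lo, hi], else 0. */
static int mid_in_range(uint32_t lo, uint32_t hi, uint32_t mid) {
    return lo <= mid && mid <= hi;
}

/* Binary search over a sorted array using the hardened midpoint.
 * Half-open range [lo, hi); returns the index of key, or -1 if absent. */
static int64_t find_sorted(const int32_t *a, uint32_t n, int32_t key) {
    uint32_t lo = 0, hi = n;
    while (lo < hi) {
        uint32_t mid = mid_safe(lo, hi);   /* lo <= mid < hi */
        if (a[mid] < key)      lo = mid + 1;
        else if (a[mid] > key) hi = mid;
        else                   return (int64_t)mid;
    }
    return -1;
}

int main(void) {
    /* Constructed bounds: both indices are valid 32-bit values. */
    uint32_t lo = 0x80000000u, hi = 0xC0000000u;
    uint32_t bad = mid_naive(lo, hi), good = mid_safe(lo, hi);
    printf("naive mid 0x%08x in range: %d\n", (unsigned)bad, mid_in_range(lo, hi, bad));
    printf("safe  mid 0x%08x in range: %d\n", (unsigned)good, mid_in_range(lo, hi, good));

    static const int32_t sorted[] = {1, 3, 5, 7, 9, 11};  /* constructed sample */
    printf("index of 7: %lld, index of 4: %lld\n",
           (long long)find_sorted(sorted, 6, 7), (long long)find_sorted(sorted, 6, 4));
    return 0;
}
```

With signed index types the same sum is undefined behaviour in C and C++ rather than a defined wrap, so the hardened form is needed there as well.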

In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.